Podcast: Chaos Computer Club - recent audio-only feed
Episode: Sandboxing services with Landlock (asg2025)
Description: Landlock is an unprivileged kernel feature that enables all Linux users to sandbox their processes. Complementary to seccomp, developers can leverage Landlock to restrict their programs in a fine-grained way. While Landlock can be used by end users through sandboxer tools, there is currently no well-integrated solution to define security policies tailored to system services. Although AppArmor and seccomp security policies can already be tied to a system unit, we aim to provide a more dynamic, standalone, and unprivileged option with Landlock.
In this talk, we'll briefly explain what Landlock is and highlight its differences from other Linux security features...